Privacy Policy
Effective date: 5 May 2026 Last updated: 5 May 2026
This Privacy Policy describes how FitConnect (“we”, “us”, “our”) collects, uses, and shares information when you use the FitConnect mobile application (the “App”). FitConnect is a discovery platform that helps clients find personal trainers and helps trainers list their services. We do not process or facilitate payments between clients and trainers — those arrangements happen privately, outside the App.
If you have questions about this policy, contact us at alem.zukic77@gmail.com.
1. Information we collect
1.1 Account information
When you create an account, we collect:
- Email address
- Display name
- Profile photo (optional)
- Role (client or trainer)
If you sign up with Google or Apple Sign-In, we receive the same fields from those providers.
1.2 Trainer profile information
If you register as a trainer, we additionally collect:
- City and approximate coordinates (latitude/longitude) for map placement
- Specializations, certifications, years of experience
- Gallery images and short bio
- Pricing per session
- Online/offline status
1.3 Client activity
If you register as a client, we additionally collect:
- Booking history with trainers
- Ratings and reviews you submit
- Aggregate session statistics (total sessions, minutes, streak)
1.4 Health data (optional, opt-in)
On iOS we may read health metrics from Apple HealthKit (steps, active calories, heart rate, active minutes). On Android, the equivalent comes from Health Connect. Health data is read on-device and never leaves your phone unless you explicitly opt in to share it with a trainer via the Wearable Settings screen. When sharing is enabled, daily snapshots are stored in our database under your user account, and only trainers you have booked with can read them.
1.5 Location
With your permission, we use your device GPS to:
- Show trainers near you on the Discover map
- Calculate distances on trainer cards
We do not store your real-time location on our servers. Trainers’ own self-declared location coordinates are stored to render them on the map.
1.6 Chat messages
Messages between you and trainers/clients you connect with are stored on our servers so they sync across your devices. Only the participants in a chat thread can read its messages.
1.7 Boost token purchases
When you (as a trainer) buy “boost credits” via Apple In-App Purchase, we receive from Apple/RevenueCat:
- App Store transaction ID
- Product identifier and price tier
- Purchase timestamp and environment (sandbox or production)
We do not receive your credit card number, full billing address, or any direct payment details. Apple handles all payments.
1.8 Push notification tokens
If you grant notification permission, we store an Expo push token tied to your user account so we can deliver booking and chat notifications.
1.9 Diagnostic data
We use Firebase services which automatically collect basic diagnostic information (crash reports, performance metrics, device model, OS version) to help us fix bugs and improve performance.
2. How we use your information
We use the data above to:
- Authenticate you and keep you signed in
- Display trainers on the map and in search results
- Process bookings and ratings
- Deliver chat messages and push notifications
- Grant you boost credits after a verified purchase
- Show you health stats you have authorized
- Diagnose crashes and improve the App
3. Sharing with third parties
We rely on the following third-party services. Each is a “data processor” acting on our behalf, except where noted:
| Service | Purpose | Data shared |
|---|---|---|
| Firebase Authentication | Account sign-in | Email, OAuth tokens |
| Cloud Firestore | App data storage | All app content (profiles, bookings, chats) |
| Firebase Cloud Storage | Photo and gallery storage | Uploaded images |
| Firebase Cloud Functions | Backend processing (IAP webhooks, etc.) | Internal — Apple App Store transaction data |
| Firebase Cloud Messaging | Push notifications | Push tokens, notification payloads |
| Apple App Store | In-App Purchases (boost credits) | Apple ID-linked transaction data |
| RevenueCat | IAP delivery confirmation and analytics | Anonymized user ID, product, transaction ID |
| Google Maps & Places APIs | Map tiles and gym discovery | Location queries (no user identifier) |
| Apple HealthKit (iOS) | On-device health data — does not leave device | None to us unless opt-in |
| Android Health Connect | On-device health data — does not leave device | None to us unless opt-in |
| Expo Push Service | Push notification delivery | Push tokens, notification payloads |
We do not sell your personal data. We do not share data with advertising networks.
We may disclose information when required by law, to enforce our Terms of Service, or to protect the rights, property, or safety of our users.
4. Public profile information
Trainer profiles (display name, photo, city, specializations, ratings, gallery) are visible to all authenticated users of the App so clients can discover them. Client profiles are not publicly listed; only trainers you book with will see your name and photo in the booking record.
5. Data retention
We retain your data for as long as your account is active. If you delete your account (Profile → Delete Account), we permanently remove:
- Your user profile
- Your bookings, chats, messages, and credit transactions
- Your uploaded photos and gallery items
Some records may persist briefly in encrypted backups for up to 30 days before being automatically purged.
6. Security
We use industry-standard encryption in transit (HTTPS / TLS) and at rest (Firebase managed encryption). Authentication tokens are stored in secure device storage (iOS Keychain / Android Keystore). However, no system is perfectly secure, and we cannot guarantee absolute security.
7. Your rights
Depending on your jurisdiction (e.g., GDPR for EU residents, CCPA for California residents), you may have the right to:
- Access the personal data we hold about you
- Correct inaccuracies
- Delete your data (in-app via Profile → Delete Account, or by emailing us)
- Object to or restrict processing
- Data portability (a machine-readable export)
To exercise these rights, email alem.zukic77@gmail.com from the email address associated with your account.
8. Children
The App is not directed to children under 17. We do not knowingly collect information from children under 17. If you believe a child has registered, contact us and we will remove the account.
9. International transfers
Our servers (Firebase / Google Cloud) are located in the United States and the European Union. By using the App you consent to the transfer of your data to these regions, where data protection laws may differ from those in your country.
10. Changes to this policy
We may update this policy from time to time. Material changes will be announced in the App and reflected in the “Last updated” date above. Your continued use of the App after a change means you accept the updated policy.
11. Contact
Questions, requests, or concerns: alem.zukic77@gmail.com